Interview: Facebook engineering VP talks Connect

We had a chance to chat with Facebook's Mike Schroepfer, VP of Engineering, …

Facebook Connect

Facebook Connect

The next major push for Facebook is Facebook Connect, which after months of previews, courting developers, and experience tweaking, the company kicked off a media blitz for this weekend and to the public today. As a new interoperable login system on par with OpenID and DataPortability's ambitions of giving users a centralized set of credentials, Facebook Connect embodies a lot of potential. Learning from the privacy lessons that emerged out of the Facebook Beacon advertising snafu, though, Schroepfer stressed that a tremendous amount of care has gone into the design of Facebook Connect's security protocols and strict data retention policies.

Many perceive Facebook Connect as the closed antithesis of competition like OpenID, which allows a growing number of companies and organizations to offer their own set of OpenID keys to users. Schroepfer disagreed with this perception, and proposed that Facebook is aspiring to be something more, or at least besides, an identity gatekeeper: "The intent isn't single sign-on. The intent is to bring people to the web so that when I am engaging on a site that is not Facebook, and I make a comment on someone's blog or make a post in a forum, my friends can get notified that I did that action, or I can filter and sort responses to a thread or a question of what's the best restaurant in Palo Alto."

"It's the approach of getting not just your identity, but your connections to your friends, and having that available both on the external site, and having activities on that site, as you are interested, posted back to Facebook."

But while Facebook has been concocting this framework of interoperable sharing that just launched publicly today for developers and website owners, Schroepfer stressed again that Facebook has paid extremely close attention to both the security implications and overall experience for the end user. "We're really trying to respect the users' different approaches to privacy, to make sure that they publish things based on how they're comfortable with different groups of people."

"One of the technically difficult things we worked on with Connect," Schroepfer continued, "is how do we get those privacy settings in Facebook respected off of the Facebook site if I'm using Connect?" He went on to explain a scenario where one's Facebook Connect credentials are used to log into a site and populate information, but the display of a Facebook profile photo can be restricted to other Facebook friends who use Connect to log into the site. Schroepfer refers to these shifting privileges as "Dynamic Privacy," and they are at the core of Facebook's focus on making sure control remains in the hands of the user. More information on Facebook's policies and best practices for Facebook Connect partners can be found at Facebook's developer wiki.

"That isn't even in the ethos or design of OpenID, as it's just a way to bring your identity, but not additional information about friends and privacy. So I think you can end up using your Facebook credentials for sign-on but that's actually not at all the focus of Connect. It's a kind of necessary requirement in order to get us to the really important part, which is bringing information about my friends and family to the site, bringing information about my activities off of Facebook to my friends on Facebook, and respecting and adapting to my privacy in real time on those sites."

If it isn't clear by now, Facebook Connect is one of, if not the, most significant initiatives that Facebook has ever taken on, and Schroepfer emphasized multiple times the weight with which the overall experience is being examined. As the system has just rolled out officially across major partners like The Discovery Channel, Digg, and Hulu, Facebook Connect could turn out to be one of the site's largest steps toward Schroepfer's goal of turning Facebook into "the next great web platform."